feat(api): admin set flexible fields + field-definition listing

- GET /api/admin/field-definitions (ViewInternal) — lists all registered field definitions with key, data_type, vocabulary_id, authority_kind, required, group, and localized labels - PUT /api/admin/objects/{id}/fields (EditCatalogue) — replaces an object's flexible-field values with replace semantics; validates every key against the registry (UnknownField → 422, TypeMismatch → 422, Unresolved → 422, ObjectNotFound → 404, Db → 500) - FieldDefinitionView DTO added; both handlers registered in OpenAPI Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-02 22:09:43 +02:00
parent 34e5754815
commit b6a30c3995
3 changed files with 217 additions and 4 deletions
@@ -7,7 +7,7 @@ use axum::{
    extract::{Path, Query, State},
    http::StatusCode,
    response::IntoResponse,
-    routing::get,
+    routing::{get, put},
 };
 use domain::{AuditActor, CatalogueObject, ObjectId, ObjectInput, Visibility};
 use serde::{Deserialize, Serialize};
@@ -345,6 +345,112 @@ pub(crate) async fn delete_object(
    }
 }

+/// Field-definition descriptor for the UI to render forms.
+#[derive(Serialize, ToSchema)]
+pub(crate) struct FieldDefinitionView {
+    pub key: String,
+    /// "text" | "localized_text" | "integer" | "date" | "boolean" | "term" | "authority".
+    pub data_type: String,
+    pub vocabulary_id: Option<String>,
+    pub authority_kind: Option<String>,
+    pub required: bool,
+    pub group: Option<String>,
+    pub labels: Vec<LabelView>,
+}
+
+/// List all field definitions. Requires `ViewInternal`.
+#[utoipa::path(
+    get, path = "/api/admin/field-definitions",
+    responses(
+        (status = 200, body = [FieldDefinitionView]),
+        (status = 401),
+        (status = 403)
+    )
+)]
+pub(crate) async fn list_field_definitions(
+    _auth: Authorized<ViewInternal>,
+    State(state): State<AppState>,
+) -> Result<Json<Vec<FieldDefinitionView>>, StatusCode> {
+    let defs = db::fields::list_field_definitions(state.db.pool())
+        .await
+        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+    Ok(Json(
+        defs.into_iter()
+            .map(|d| {
+                let (data_type, vocabulary_id, authority_kind) = d.field_type.to_parts();
+
+                FieldDefinitionView {
+                    key: d.key,
+                    data_type: data_type.to_owned(),
+                    vocabulary_id: vocabulary_id.map(|v| v.to_string()),
+                    authority_kind: authority_kind.map(|k| k.as_str().to_owned()),
+                    required: d.required,
+                    group: d.group_key,
+                    labels: d
+                        .labels
+                        .into_iter()
+                        .map(|l| LabelView {
+                            lang: l.lang,
+                            label: l.label,
+                        })
+                        .collect(),
+                }
+            })
+            .collect(),
+    ))
+}
+
+/// Replace an object's flexible-field values (validated against the registry).
+///
+/// **Replace semantics:** the body is the *complete* desired field set. Omitting a key
+/// that was previously set removes it — send every key the caller wants to retain.
+///
+/// Requires `EditCatalogue`.
+#[utoipa::path(
+    put, path = "/api/admin/objects/{id}/fields",
+    params(("id" = String, Path, description = "Object id (UUID)")),
+    request_body = Object,
+    responses(
+        (status = 204),
+        (status = 401),
+        (status = 403),
+        (status = 404, description = "Object not found"),
+        (status = 422, description = "Unknown field, type mismatch, or unresolved reference")
+    )
+)]
+pub(crate) async fn set_fields(
+    auth: Authorized<EditCatalogue>,
+    State(state): State<AppState>,
+    Path(id): Path<String>,
+    Json(values): Json<serde_json::Map<String, serde_json::Value>>,
+) -> Result<StatusCode, StatusCode> {
+    let object_id = id.parse::<ObjectId>().map_err(|_| StatusCode::NOT_FOUND)?;
+
+    let mut tx = state
+        .db
+        .pool()
+        .begin()
+        .await
+        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+    let result =
+        db::catalog::set_object_fields(&mut tx, actor(&auth.user), object_id, &values).await;
+
+    match result {
+        Ok(()) => {
+            tx.commit()
+                .await
+                .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+            Ok(StatusCode::NO_CONTENT)
+        }
+        Err(db::catalog::FieldError::ObjectNotFound) => Err(StatusCode::NOT_FOUND),
+        Err(db::catalog::FieldError::Db(_)) => Err(StatusCode::INTERNAL_SERVER_ERROR),
+        Err(_) => Err(StatusCode::UNPROCESSABLE_ENTITY),
+    }
+}
+
 /// Admin object routes, parameterized over [`AppState`].
 pub(crate) fn routes() -> Router<AppState> {
    Router::new()
@@ -353,4 +459,6 @@ pub(crate) fn routes() -> Router<AppState> {
            "/api/admin/objects/{id}",
            get(get_object).put(update_object).delete(delete_object),
        )
+        .route("/api/admin/objects/{id}/fields", put(set_fields))
+        .route("/api/admin/field-definitions", get(list_field_definitions))
 }